An AML (Anti-Money Laundering) compliance program consists of policies and procedures that financial institutions enact to prevent money laundering and terrorist financing. An effective Anti-Money Laundering (AML) program is one of the keys to protecting businesses from illicit money and fines over non-compliance.
Let’s start from the basics. Financial businesses need to keep an eye on multiple AML guidelines, rules, and regulations. And there are many different rules to follow. Some are international, such as the Financial Action Task Force’s (FATF) Recommendations or the European Union’s AML Directives. While others are national, such as the Bank Secrecy and Patriot Acts in the US. Then you have country-specific regulators that regularly amend AML guidelines in their respective jurisdictions.
AML best practices continue to advance in order to keep such businesses stress- and fraud-free. However, incorporating new measures doesn’t always come smoothly. Business owners have to invest time and resources in renovating their AML policies and building reliable AML programs.
This article will guide you through the process of building an AML compliance program for your business, with insights from the experts at Sumsub.
What is an AML compliance program?
An Anti-Money Laundering (AML) compliance program entails everything a company does to prevent money laundering and terrorist financing
- Employee training
- Customer due diligence
- Ongoing monitoring
- Detection of suspicious operations
- Reporting.
The aim of an AML compliance program is to detect, respond, and eliminate inherent and residual money laundering, terrorist financing, and fraud-related risks.
An effective AML compliance program won’t let suspicious customers and transactions enter the financial system. However, criminals constantly invent sophisticated methods of money laundering and fraud to fly under the radar. Therefore, it’s essential to develop an AML program that can handle new and complex fraud attempts. Otherwise, businesses expose themselves to financial and reputational losses.
Suggested read: Bypassing Facial Recognition—How to Detect Deepfakes and Other Fraud
What impacts AML compliance. Before creating a compliance program, an organization has to summarize and define its potential risks and legal obligations.
- The money laundering risks it’s exposed to
- Respective local and foreign laws and punishment for non-compliance
- Potentially suspicious activities within the company.
Suggested read: Machine Learning and its Role in Fraud Detection and Anti-Money Laundering Compliance
Who needs an AML compliance program?
Exact requirements vary by country. However, the following institutions typically have to comply with AML regulations and therefore develop an anti-money laundering program:
- Financial institutions (such as banks)
- Money Service Businesses (nonbank businesses involved in converting or transmitting money)
- Real estate brokers
- Law firms
- Casino and betting companies
- Auditors and accountants
- Tax advisors
- Virtual asset service providers.
AML program requirements
AML program requirements usually include a set of measures to be adopted in order to keep money laundering out of a company’s business. AML compliance programs therefore require customer due diligence, including identity verification and ongoing monitoring of transactions. Regular training for staff members on AML regulations and procedures is essential to ensure compliance. Additionally, institutions must have mechanisms in place for independent audits to assess the effectiveness of their AML programs and make necessary improvements.
To develop a strong and effective AML compliance program, businesses have to follow a few steps.
How to develop an effective AML program: a step-by-step guide
This guide contains the steps to developing an effective compliance program:
Step 1. Appoint an AML compliance officer (AMLCO)…
… or a MLRO (Money Laundering Compliance Officer) to handle all things compliance.
AML legislation in most countries requires obliged entities to appoint an AML compliance officer. This person handles everything related to the compliance program: internal audits management, compliance analysis, development of appropriate guidelines, employee training programs, etc.
Candidates for this position must possess expert knowledge of regulatory data sources, compliance analysis tools, and demonstrate expertise in relevant regulations.
In addition, a compliance officer needs to have extensive experience in the financial sector, preferably in AML compliance, legal or internal risk audits. Another must is appropriate certification (CAMS, CAFP, CRCM, etc).
Step 2. Conduct employee training
It is necessary to design an employee training program to meet the AML requirements of the company. The program should be scheduled in accordance with recent changes in legislation or after serious incidents, such as employees involved in money laundering. If such incidents occur, it means that existing policy is ineffective and must be amended.
To have proper protection from money laundering, entities should have internal controls across all departments and branches.
Who to train: compliance and audit teams, senior management, high-risk departments that come into direct contact with clients.
Training topics:
- General information: the consequences of failing to comply with AML/CFT laws, as well as the importance of spotting and stopping these crimes.
- Legal framework: detailed review of anti-money laundering regulations.
- AML penalties: an overview of penalties for non-compliance with AML laws.
How to train: There are some conventional training methods that are commonly used onsite, online, through third-parties, or with the help of experienced employees:
- Educational presentations and webinars prepared by the company’s compliance officer;
- Interactive e-learning modules and evaluation tests to measure AML proficiency;
- Regular staff meetings concerning the latest AML issues on the market;
- Updating Anti-Money Laundering controls and guidelines according to legislation and sharing the changes with staff.
Of course, every company has to consider its AML steps depending on the industry and business specifics.
Step 3. Perform risk assessment
FATF recommendations require that financial institutions take steps to identify and assess their money laundering and terrorist financing risks, including factors relating to customers, countries or geographic areas, as well as products, services, transactions, or delivery channels.
One of the most important points is the Business-wide risk assessments which should help understand the risks in a particular AML jurisdiction.
ML/TF risks associated with business relationships should be covered by Customer Due Diligence (CDD) policies and procedures. This means deciding on the appropriate level and type of CDD for a given customer base.
Initial CDD measures should include at least the following:
- identifying the customer and, where applicable, the customer’s beneficial owner or legal representatives;
- verifying the customer’s identity on the basis of reliable and independent sources and, where applicable, verifying the beneficial owner’s identity;
- establishing the purpose and intended nature of the business relationship.
Next, the entity is required to develop policies and procedures to detect, monitor and report, where applicable, customers and transactions which pose high risk due to common risk factors, such as high-risk countries, PEPs, due diligence results, etc.
Step 4. Develop internal policies and procedures
To handle ML/TF risks and maintain regulatory compliance financial entities have to develop and implement internal AML guidelines.
- Make due diligence your focus point
Every financial institution has to perform due diligence procedures that follow both regulatory compliance demands and internal policies. Obliged firms must perform Customer Due Diligence (CDD) and monitoring procedures in respect of both natural and legal persons. The practices may vary depending on the nature of ML risks and size of the firm.
Here at Sumsub, our AML solutions and AML systems are approved by major regulators like FINMA, FCA, CySEC and MAS.
- Report suspicious activities
A powerful reporting system can immediately deliver information about money-laundering activity to relevant authorities.
Suspicious transactions must be reported to management first. Then, based on the evidence at hand, the MLRO is supposed to decide whether it is necessary to report it to the appropriate Financial Intelligence Unit (FIU) or not.
Step 5. Detect suspicious activity and report it
First of all, it is necessary to quickly expose red flags, such as:
- Abnormally large transactions;
- Bank accounts opened with insufficient client information;
- Any fake data submitted by a client.
The full list of suspicious triggers could be found here.
Reporting is one of the main requirements of AML compliance. Based on Recommendation 20 of the FATF, if a financial organization has reasons to suggest that certain funds were accumulated illegally or are linked to fraud and terrorism, it must promptly report them to a FIU.
Step 6. Organize independent audits
Getting reviewed by an independent auditor is a great way to spot weaknesses in a company’s risk assessment and compliance program. The review would include the check of KYC due diligence procedures, compliance training, monitoring, and reporting systems. Financial regulators use such audits to check whether companies are successful at preventing money-laundering crimes.
For example, Section 59(2) of the New Zealand AML/CFT Act obliges companies to carry out an independent audit every two years or upon a supervisor’s request.
Criteria for selection: An independent auditor must have sufficient AML expertise not only to examine existing policies and procedures, but to make proper recommendations for their improvement, if necessary. Under section 59B(3) of the NZ AML Act, the auditor must not have participated in developing the organization’s AML compliance program.
Sumsub commissioned Forrester Consulting to conduct aTotal Economic Impact™ (TEI) study to examine the potential value of its platform. The TEI concludes that companies that invest in Sumsub can experience an 240%ROI. This study is designed to help you evaluate Sumsub’s potential financial impact on your company. To that end, Forrester anonymously interviewed four Sumsub customers, aggregated their experiences and benefits, and combined the results into this report.
FAQ
-
What is a basic AML program?
A basic AML program includes customer due diligence, identity verification, and ongoing monitoring of transactions.
-
What are the 6 components of an AML compliance program?
- Appointing a compliance officer,
- Employee training,
- Risk assessment,
- Detection and reporting of suspicious activity,
- Internal practices,
- Internal audits.
-
Who must have an AML program?
It usually depends on the exact jurisdiction. However, financial institutions, money service businesses, casinos, real estate brokers and crypto companies typically have to comply with AML regulations and therefore develop an AML program.
-
What is AML compliance software?
AML compliance software is a digital solution designed to help financial institutions automate and streamline their anti-money laundering efforts, including transaction monitoring, customer due diligence, and suspicious activity reporting.
-
What is the Anti-Money Laundering Act?
The FinCEN AML Act of 2020 is aimed at enhancing the US anti-money laundering and counter-terrorism financing framework, incorporating provisions to modernize regulations, increase transparency, and strengthen enforcement mechanisms.
